Computer systems are currently in wide use. Some such computer systems are deployed in multi-tenant environments where a multi-tenant service provides services to multiple different tenants. Each tenant can correspond to a separate organization.
The level of services provided by the multi-tenant system can vary widely. For instance, they can range from infrastructure as a service (IaaS) in which items of infrastructure are managed by the service provider and everything else is managed by the individual tenants, to software as a service (SaaS) in which even the applications being used by the tenants are run and managed by the service provider.
Such systems can present difficulties with respect to security. Each organization served by the service provider wishes the service provider to have sufficient access to the organization's data so that the service provider can provide adequate service. However, the organizations also wish that security be provided so that the data of the organization is not compromised by any surreptitious attack on the service provider's management system.
Some current approaches to addressing this problem include performing background checks on administrative personnel who have standing, persistent administrative permissions within the system. Another approach has been to segregate access so that only certain administrative personnel have access to certain portions of the system.
The security problem can be exacerbated where the service provider is providing multi-tenant services on a multi-national basis. Some organizations may insist that only administrative personnel who reside in their country may have access to their information. Further, they may insist that all enforcement of security policies and permissions be executed by a system that resides within their country or jurisdiction.
The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.